Please check my log :) Thanks in advance :)

IP: *.kon.tvknet.pl / *.tvknet.pl 20.06.05, 23:38
Logfile of HijackThis v1.98.0
Scan saved at 23:37:25, on 2005-06-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\Drivers\svchost.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
c:\windows\system32\rhfrlt.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup
Program\AudioDeck\AudioDeck.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
C:\PROGRA~1\SIEMEN~2\SDS\SPHONE~2.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\tools\antyvirusy\hijackthis1980.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.konin.lm.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
www.konin.lm.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = pulsar.tvknet.pl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} -
C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2
\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Program
Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Generic Host Process for Win32 Services]
C:\WINDOWS\system32\Drivers\svchost.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
lang 1033
O4 - HKLM\..\Run: [bqobwdj] c:\windows\system32\rhfrlt.exe r
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies,
Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core
Center\CoreCenter.exe
O4 - Global Startup: NewShortcut35.lnk = C:\Program Files\Siemens Data Suite
SX1\SDS\SDSScheduler.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz przez Net Transport - C:\Program
Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Pobierz wszystko przez Net Transport -
C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
      • Guest: marzyciel Re: please check my log :) thanks in advance IP: *.kon.tvknet.pl / *.tvknet.pl 21.06.05, 10:17
        Logfile of HijackThis v1.99.1
        Scan saved at 10:15:31, on 2005-06-21
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Ahead\InCD\InCDsrv.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        c:\windows\system32\dowlile.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Ahead\InCD\InCD.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
        C:\WINDOWS\system32\RunDll32.exe
        C:\WINDOWS\system32\Drivers\svchost.exe
        C:\Program Files\D-Tools\daemon.exe
        C:\Program Files\Tlen.pl\tlen.exe
        C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup
        Program\AudioDeck\AudioDeck.exe
        C:\Program Files\MSI\Core Center\CoreCenter.exe
        C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
        C:\PROGRA~1\SIEMEN~2\SDS\SPHONE~2.EXE
        C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
        C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\cisvc.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\Program Files\Norton AntiVirus\navapsvc.exe
        C:\Program Files\Norton Utilities\NPROTECT.EXE
        C:\WINDOWS\system32\nvsvc32.exe
        C:\Program Files\Speed Disk\nopdb.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\MsPMSPSv.exe
        C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\system32\cidaemon.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\wincmd\WINCMD32.EXE
        C:\tools\antyvirusy\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.konin.lm.pl/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
        www.konin.lm.pl/
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
        Settings,ProxyServer = pulsar.tvknet.pl:8080
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        R3 - Default URLSearchHook is missing
        F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
        O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
        C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
        Files\Spybot - Search & Destroy\SDHelper.dll
        O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
        O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
        C:\Program Files\Norton AntiVirus\NavShExt.dll
        O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} -
        C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
        C:\Program Files\Norton AntiVirus\NavShExt.dll
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
        Shared\ccApp.exe"
        O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
        Shared\ccRegVfy.exe"
        O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2
        \AdvTools\ADVCHK.EXE
        O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
        O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
        \NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32
        \NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Program
        Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
        \SNDMon.exe /Consumer
        O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] C:\WINDOWS\system32
        \Drivers\svchost.exe
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
        lang 1033
        O4 - HKLM\..\Run: [tklpbzx] c:\windows\system32\dowlile.exe r
        O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA
        Audio Driver Setup Program\AudioDeck\AudioDeck.exe
        O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core
        Center\CoreCenter.exe
        O4 - Global Startup: NewShortcut35.lnk = C:\Program Files\Siemens Data Suite SX1
        \SDS\SDSScheduler.exe
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O8 - Extra context menu item: Pobierz przez Net Transport - C:\Program
        Files\Xi\NetTransport 2\NTAddLink.html
        O8 - Extra context menu item: Pobierz wszystko przez Net Transport - C:\Program
        Files\Xi\NetTransport 2\NTAddList.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\WINDOWS\System32\msjava.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\WINDOWS\System32\msjava.dll
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
        C:\Program Files\Yahoo!\Common\yinsthelper.dll
        O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
        housecall.trendmicro-europe.com/housecall/Xscan53.cab
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec
        Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program
        Files\Ahead\InCD\InCDsrv.exe
        O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program
        Files\iPod\bin\iPodService.exe
        O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
        Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
        O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
        Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program
        Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
        O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program
        Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
        O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
        C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
        Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Speed Disk service - Symantec Corporation - C:\Program
        Files\Speed Disk\nopdb.exe
        O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
        Files\Common Files\Symantec Shared\Security Center\
        • Guest: Kolobos Re: please check my log :) thanks in advance IP: *.warszawa.sdi.tpnet.pl 21.06.05, 10:51
          If you have already used nailfix (preferably in safe mode), then remove these
          entries in HijackThis:

          R3 - Default URLSearchHook is missing
          F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
          O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
          O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] C:\WINDOWS\system32
          \Drivers\svchost.exe
          O4 - HKLM\..\Run: [tklpbzx] c:\windows\system32\dowlile.exe r

          And if the Nail entries come back again, start Windows in safe mode,
          use it, and remove them in HijackThis.
    • Guest: marzyciel Re: please check my log :) thanks in advance IP: *.kon.tvknet.pl / *.tvknet.pl 21.06.05, 13:46
      I did as you wrote, but the problem did not go away :(

      Here is the log:

      Logfile of HijackThis v1.99.1
      Scan saved at 13:45:20, on 2005-06-21
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\Explorer.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      c:\windows\system32\fmikfqc.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\Tlen.pl\tlen.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
      C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup
      Program\AudioDeck\AudioDeck.exe
      C:\Program Files\MSI\Core Center\CoreCenter.exe
      C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
      C:\PROGRA~1\SIEMEN~2\SDS\SPHONE~2.EXE
      C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
      C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton Utilities\NPROTECT.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Speed Disk\nopdb.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\EYH\aurareco.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\tools\antyvirusy\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.konin.lm.pl/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
      www.konin.lm.pl/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
      Settings,ProxyServer = pulsar.tvknet.pl:8080
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
      O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
      C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
      Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
      C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} -
      C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
      C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
      Shared\ccApp.exe"
      O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
      Shared\ccRegVfy.exe"
      O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2
      \AdvTools\ADVCHK.EXE
      O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
      \NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32
      \NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Program
      Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
      \SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
      lang 1033
      O4 - HKLM\..\Run: [rovevuo] c:\windows\system32\fmikfqc.exe r
      O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA
      Audio Driver Setup Program\AudioDeck\AudioDeck.exe
      O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core
      Center\CoreCenter.exe
      O4 - Global Startup: NewShortcut35.lnk = C:\Program Files\Siemens Data Suite SX1
      \SDS\SDSScheduler.exe
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
      res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Pobierz przez Net Transport - C:\Program
      Files\Xi\NetTransport 2\NTAddLink.html
      O8 - Extra context menu item: Pobierz wszystko przez Net Transport - C:\Program
      Files\Xi\NetTransport 2\NTAddList.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\WINDOWS\System32\msjava.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
      00401C608501} - C:\WINDOWS\System32\msjava.dll
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
      C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
      housecall.trendmicro-europe.com/housecall/Xscan53.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec
      Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program
      Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program
      Files\iPod\bin\iPodService.exe
      O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
      Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
      Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
      C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program
      Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
      O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program
      Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
      C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
      Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Speed Disk service - Symantec Corporation - C:\Program
      Files\Speed Disk\nopdb.exe
      O23 - Service: System Startup Service (SvcProc) - Unknown owner -
      C:\WINDOWS\svcproc.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
      Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

      • Guest: Kolobos Re: please check my log :) thanks in advance IP: *.warszawa.sdi.tpnet.pl 21.06.05, 14:06
        Well then, once more ;-)

        At system startup press F8, choose Safe Mode, and use:
        free.of.pl/k/kolobos/nailfix.zip (you click nailfix.cmd ;-))

        To be sure, also download:
        www.downloads.subratam.org/KillBox.zip
        Unpack it, tick Delete file on reboot, paste the path to the file (do not
        browse for it yourself, just paste the ready-made path) and press the red
        button, but answer no when asked about a restart; do this for these files:

        c:\windows\system32\fmikfqc.exe
        C:\WINDOWS\Nail.exe
        C:\WINDOWS\svcproc.exe
        C:\Windows\system32\DrPMon.dll

        After the restart, remove these in HijackThis:

        F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
        O4 - HKLM\..\Run: [rovevuo] c:\windows\system32\fmikfqc.exe r
        O23 - Service: System Startup Service (SvcProc) - Unknown owner -
        C:\WINDOWS\svcproc.exe

      • netsec Re: Removing Nail.exe 22.06.05, 12:14
        You delete the Nail.exe file in safe mode with System Restore turned off.
        After that, in normal mode, you delete this entry: F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe so that the system does not throw an error about the missing file, and that is all :P
        KillBox happens not to cope with this case, I do not know why, but I do not feel like analysing it :-)
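
The triage done by eye in this thread, as an added example (not part of the original posts and not HijackThis code): it rejoins entries the forum wrapped, flags the entry types marked for removal above, and compares two scans to show the Run entry returning under a new name. The rules, the function names and the `C:\WINDOWS` install path are assumptions; the sample lines are copied from the logs above.

```python
import re

# Constructed sample: entries copied from two of the scans in this thread,
# keeping the forum's hard line wraps.
SCAN_1 = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] C:\WINDOWS\system32
\Drivers\svchost.exe
O4 - HKLM\..\Run: [tklpbzx] c:\windows\system32\dowlile.exe r
"""
SCAN_2 = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [rovevuo] c:\windows\system32\fmikfqc.exe r
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe
"""

# A HijackThis entry starts with a section code such as "R0 - " or "O23 - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# O4 registry autostart: key, value name, image path, arguments.
O4_RUN = re.compile(r'^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] "?(.+?\.exe)"?\s*(.*)$', re.I)

def join_wrapped(text):
    """Rebuild one string per entry; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            # Wraps inside a path or a CLSID carry no space; other wraps do.
            glue = "" if line.startswith("\\") or re.search(r"\S-$", entries[-1]) else " "
            entries[-1] += glue + line
    return entries

def run_shape(entry):
    """(key, directory, args) of an O4 Run entry, ignoring the names that rotate."""
    m = O4_RUN.match(entry)
    if not m:
        return None
    key, _name, image, args = m.groups()
    return (key.upper(), image.rpartition("\\")[0].lower(), args.strip())

def flag(entry):
    """Reasons an entry matches one of the patterns removed in the thread."""
    reasons = []
    if re.match(r"^F2 - REG:system\.ini: Shell=Explorer\.exe\s+\S", entry, re.I):
        reasons.append("extra program appended to Shell=")
    if entry.startswith("O2 - BHO:") and entry.endswith("(no file)"):
        reasons.append("BHO registered but file missing")
    if re.match(r"^O23 - Service: .* - Unknown owner - ", entry):
        reasons.append("service with unknown owner")
    m = O4_RUN.match(entry)
    # Assumes Windows is installed in C:\WINDOWS, as in the logs above.
    if (m and m.group(3).lower().endswith("\\svchost.exe")
            and run_shape(entry)[1] != r"c:\windows\system32"):
        reasons.append("svchost.exe autostart outside system32")
    return reasons

def respawned(before, after):
    """Pairs (old, new): a Run entry vanished and a same-shaped one appeared."""
    old = [e for e in before if e not in after and run_shape(e)]
    new = [e for e in after if e not in before and run_shape(e)]
    return [(o, n) for o in old for n in new if run_shape(o) == run_shape(n)]

if __name__ == "__main__":
    first, second = join_wrapped(SCAN_1), join_wrapped(SCAN_2)
    for entry in second:
        for reason in flag(entry):
            print(f"FLAG  {reason}: {entry}")
    for old, new in respawned(first, second):
        print(f"RESPAWN\n  was {old}\n  now {new}")
```

A respawn pair means something still running is rewriting the Run key, so removing the entry in HijackThis alone will not hold.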
